Scope
Vayun is an AI assistant platform that helps businesses respond to messages, answer questions, capture leads, support bookings, and automate customer-facing conversations across WhatsApp, websites, and related digital channels.
This Privacy Policy applies when people use Vayun’s website, dashboard, embeddable chat widget, WhatsApp integrations, booking flows, connected integrations, and support channels.
In this document, “Client” means a business, clinic, consultant, organisation, account owner, workspace owner, or authorised team member using Vayun. “End user” means a person who interacts with a client’s Vayun-powered assistant, including through WhatsApp, website chat, booking pages, or other connected channels.
Vayun is operated by Vijay Kumar Raju Penmetsa from Hyderabad, India, pending completion of business registration. Once the legal entity details are finalised, this Policy may be updated to reflect the registered entity name and address.
Where a client uses Vayun to communicate with its own end users, the client is responsible for deciding the purpose and lawful basis of that communication. For such end-user data, Vayun generally acts as a service provider/data processor on behalf of the client, except where Vayun processes limited data for its own service security, debugging, billing, legal compliance, or platform-improvement purposes.
Data we collect
Depending on how the service is used, we may collect account and profile data, chat and messaging data, knowledge-base and uploaded content, lead/contact/booking data, integration data, operational and analytics data, and support communications data.
Examples include names, email addresses, phone numbers, WhatsApp identifiers, appointment details, uploaded PDFs/DOCX/TXT files, text snippets, Q&A pairs, extracted summaries, search index data, WhatsApp business account IDs, phone number IDs, Shopify connection data, calendar data, payment-related records where applicable, webhook logs, application logs, and security logs.
How we collect data
We collect data directly from clients when they create an account, upload files, configure a chatbot, connect integrations, create booking flows, or contact support.
We also collect data automatically through use of the service, from third-party services that clients choose to connect, and from end users when they interact with a client’s Vayun-powered assistant, booking page, WhatsApp number, or web chat.
Why we use data
We use personal data to operate, secure, and improve the service. This includes account management, authentication, chat/search/knowledge-base/WhatsApp/web-widget/booking/calendar/integration/payment features, storage and retrieval of client content, embeddings, summaries, AI-assisted responses, lead capture, appointment records, follow-up workflows, troubleshooting, misuse detection, service communications, legal compliance, dispute resolution, and protection of users, clients, end users, systems, and rights.
AI-specific processing
Vayun uses AI systems to process certain content submitted by clients and end users. This may include chat prompts, retrieved context, document snippets, transcript text, document chunks, conversation summaries, and embeddings used for search and answer generation.
We may create search indexes and vector representations from uploaded or submitted content so the service can retrieve relevant information later. Clients should not upload or submit content unless they have the right to do so and are comfortable using AI-assisted processing for that content.
AI-generated output may contain mistakes, omissions, outdated information, or unsuitable responses for a specific situation. Clients and end users should review important outputs before relying on them, especially for professional, financial, medical, legal, or operational decisions.
Sensitive data and healthcare-related use
The MVP can technically process sensitive or health-related data because it supports clinic-style onboarding, appointments, free-text chats, uploads, and contact records.
Unless and until Vayun publishes a dedicated healthcare or regulated-data offering, clients should not use the service for emergency care, diagnosis, treatment decisions, or workflows that require specific contractual, technical, or regulatory commitments not expressly offered by Vayun.
Clients are responsible for deciding whether their use of Vayun is suitable for their sector, internal policies, and legal obligations.
Sharing of data
We do not sell personal data.
We may share personal data only as reasonably necessary with infrastructure and operations providers, AI service providers, client-selected integrations, relevant client workspaces, professional advisers, regulators, authorities, and parties involved in protecting rights, safety, systems, property, or service integrity.
For the current MVP, relevant service categories may include self-hosted cloud infrastructure, database/storage systems, vector search, AI processing, WhatsApp/Meta integrations, authentication, payment providers, and logging/security components.
Retention
During the MVP and beta testing period, personal data may be retained for up to 90 days to support product testing, debugging, service improvement, security review, and client support, unless a longer period is required by law, dispute handling, backup recovery, or a client-approved operational need.
After general availability, standard retention periods may be reduced. For example, chat and messaging data may be retained for around 30 days by default, unless the client requests a longer retention period, configures a different retention setting, or the data is needed for service operation, legal obligations, security, dispute handling, or support.
Clients may request deletion by contacting support@vayun.ai. Some deleted data may remain temporarily in backups or logs until normal backup rotation, security, or legal retention periods expire.
| Data category | MVP / beta retention approach |
|---|---|
| Chat and messaging data | Up to 90 days during MVP/beta; expected to reduce after launch |
| Leads, contacts, and booking data | Retained while the client account is active or until deleted/requested |
| Uploaded knowledge-base content | Retained while the client uses it, until removed or deletion is requested |
| Operational logs | Retained only as long as reasonably needed for debugging, security, and operations |
| Backups | May persist for a limited rolling backup period before automatic overwrite or deletion |
Security
We use technical and organisational measures intended to protect personal data, including authentication controls, access controls, ownership checks, signed tokens where applicable, upload restrictions, file scanning, webhook verification in certain flows, and restricted internal administrative access.
No system is perfectly secure. Clients are responsible for keeping account credentials safe, limiting internal access, and configuring the service responsibly. If you believe an account or data has been compromised, contact us promptly at support@vayun.ai.
International transfers and data location
Vayun aims to process and host MVP service data primarily in India using Indian cloud infrastructure where practical.
However, some third-party services, integrations, infrastructure providers, AI providers, authentication providers, payment providers, or messaging platforms may process data in other jurisdictions depending on their own systems, configurations, and terms. By using the service, clients understand that some data may be processed outside India if required by connected services or selected integrations.
Your choices and rights
Clients may be able to access, correct, update, export, or delete certain data through the product itself. Depending on applicable law, individuals may also have rights to request access, correction, deletion, withdrawal of consent where consent is the basis for processing, or complaint review.
Privacy requests may be sent to support@vayun.ai. We may ask for reasonable verification before acting on a request.
End users who interacted with a client’s Vayun-powered assistant should normally contact that client/business first for access, correction, deletion, opt-out, or consent-related requests, because the client controls the relationship and communication purpose. Vayun may assist clients with such requests where reasonably possible.
Children
The service is not intended for children. Clients must not use Vayun to knowingly collect personal data from children in violation of applicable law.
Client responsibilities
Clients must have the legal right to upload, submit, connect, or otherwise process the data they use with Vayun.
If clients use Vayun to interact with their own end users, clients are responsible for providing required notices, obtaining required consents, and ensuring their use of Vayun complies with applicable law, industry rules, internal policies, and platform rules.
Clients must not use Vayun for spam, unsolicited messaging, abusive communications, misleading communications, illegal communications, or any activity that violates applicable laws or WhatsApp Business Platform / Meta policies.
Clients are responsible for the content, templates, timing, purpose, and nature of messages sent using the service. Clients are also responsible for ensuring that any personal or sensitive data collected through Vayun is handled in accordance with applicable laws and their own privacy obligations.
For WhatsApp and similar messaging channels, clients must obtain clear and explicit opt-in consent before initiating messages to end users, use approved or compliant templates where required, maintain lawful contact lists, and honour opt-out, unsubscribe, or stop requests promptly.
Payments, billing, and refunds during MVP
If payment or booking-payment features are enabled, payment-related processing may be handled through connected payment providers. Vayun may store limited payment-related records needed for booking confirmation, reconciliation, support, fraud prevention, or dispute handling.
During the MVP period, billing, cancellation, and refund requests should be sent to support@vayun.ai. Refund requests will be reviewed case by case according to the applicable plan, usage, service issue, and stage of the client relationship.
Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we may update the effective date and provide notice through the website, product, email, dashboard, or another reasonable method.
Contact
Privacy, support, billing, deletion, refund, and WhatsApp-related requests may be sent to support@vayun.ai.
Backup contact: Vijay Kumar Raju Penmetsa, Hyderabad, India · vijaypenmetsa98@gmail.com · +91 91008 58999.
Until business registration is completed and a registered office address is published, these contact routes will be the primary contact routes for MVP and beta-stage requests.